Most companies worldwide are failing to measure cyber security effectiveness and performance, according to the latest cyber security report from Thycotic. According to the findings, more than half of the 400 respondents in the survey, 58%, scored an “F” or “D” grade when evaluating their efforts to measure their cyber security investments and performance against best practices. The results highlight the concerns many have about cyber attacks, but with organisations making blind security investments, is this handing control back to the hackers? Javvad Malik, Security Advocate at AlienVault, commented below.
Javvad Malik, Security Advocate at AlienVault:
“The issue of what cyber security investments a company should make, and how effective they are is a long-standing one. A few years ago, Wendy Nather, then research director at 451 Research, sought to establish the real cost of security. I then conducted research, while I was a 451 Research senior analyst, on the issue of security shelfware and which security investments are most likely to end up gathering virtual dust.
“In many cases, these are broader management, strategy, and procurement decisions that are part and parcel of each individual company’s needs.
“There is always room for improvement; however, it’s worth bearing in mind that many companies have changed very rapidly over the last decade, so it will take some time for security investments and practices to mature and embed themselves into the fabric of a business.
“That being said, these are internal issues, and do not correlate directly to hackers, or their winning of any war.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.